Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto: explicitly enable auto cert chaining #22110

Closed
wants to merge 1 commit into from

Conversation

nornagon
Copy link
Contributor

@nornagon nornagon commented Aug 3, 2018

OpenSSL enables this feature by default, but BoringSSL doesn't, because it's expensive and unnecessary (see boringssl/27 and boringssl/42). This change makes it so that when building node with BoringSSL, the behaviour matches OpenSSL's.

Electron will be building node.js with BoringSSL in future, and we've floated this patch on our fork (see electron/node#47).

Checklist

@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. labels Aug 3, 2018
@addaleax
Copy link
Member

addaleax commented Aug 3, 2018

@nodejs/crypto

@Trott
Copy link
Member

Trott commented Aug 4, 2018

@nodejs/security-wg

@tniessen
Copy link
Member

tniessen commented Aug 4, 2018

Not objecting, but a couple of questions:

  • You are saying it is "expensive and unnecessary" and one of their commit messages contains this paragraph:

    In transition to removing it altogether, set SSL_MODE_NO_AUTO_CHAIN by
    default. If we find some consumer was relying on it, this will allow
    them to revert locally with SSL_(CTX_)clear_mode, but hopefully this was
    just unused.

    How does node rely on this behavior when built with BoringSSL? Is their assessment correct that node shouldn't rely on it?

  • The same commit suggests that the flag will be removed altogether in the future. How would we compensate for that?

  • Is this the only required change to make node work with BoringSSL?

@nornagon
Copy link
Contributor Author

nornagon commented Aug 5, 2018

How does node rely on this behavior when built with BoringSSL?

The specific behaviour I observed was when setting up a server with a self-signed cert, and providing the root/intermediate certs in the ca list, rather than writing the cert chain directly into the pem.

const server = https.createServer({
  key: fs.readFileSync(path.join(certPath, 'server.key')),
  cert: fs.readFileSync(path.join(certPath, 'server.pem')),
  ca: [
    fs.readFileSync(path.join(certPath, 'rootCA.pem')),
    fs.readFileSync(path.join(certPath, 'intermediateCA.pem'))
  ],
  requestCert: true,
  rejectUnauthorized: false
}, ...)

With automatic cert chaining, which is enabled by default in OpenSSL, a trust chain will be built for the cert on every handshake (see OpenSSL and BoringSSL, which also caches the chain). If this behaviour is disabled, which is the default in BoringSSL, then the certificate chain will not be automatically built from certs that are available in the CA list.

I think changing this behaviour in node—to not build these chains automatically—has the potential to be fairly disruptive, since it changes core APIs (https and tls) in a subtly breaking way. That said, there is a simple workaround, which is to build certificate chains ahead of time.

The same commit suggests that the flag will be removed altogether in the future. How would we compensate for that?

See boringssl/42, which is closed as WontFix, since wpa_supplicant depends on the auto-chaining feature too. So its removal from BoringSSL seems unlikely. Even if it were removed from BoringSSL, since Node.js doesn't officially support BoringSSL, I imagine there'd be no work for the Node.js team to do at all :)

Is this the only required change to make node work with BoringSSL?

In Electron, the only other changes we need to get node to compile with BoringSSL are a few #defines.
That said, I'm not an expert on the differences between BoringSSL and OpenSSL, and the full scope of what you mean when you say "work" is beyond me. OpenSSL is a massive library with a lot of functionality. But it compiles and runs and serves HTTPS—even without this PR!

@tniessen
Copy link
Member

tniessen commented Sep 9, 2018

We most likely won't support BoringSSL officially (which isn't recommended by BoringSSL anyway). Personally, I am okay with merging this with a comment explaining why this line is necessary and maybe also a preprocessor directive to skip this for non-BoringSSL builds. Pinging @nodejs/tsc for opinions.

@Trott
Copy link
Member

Trott commented Sep 9, 2018

No opinion on the change, but without at least a comment explaining the line, this risks being removed in a refactor at a later date.

@ryzokuken
Copy link
Contributor

@nornagon nornagon force-pushed the enable-auto-chaining branch from e90b790 to bc35f30 Compare September 18, 2018 19:54
@addaleax
Copy link
Member

@addaleax addaleax added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Sep 19, 2018
Copy link
Member

@bnoordhuis bnoordhuis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. CI failure is infrastructural. I'd say this PR is ready to land.

@tniessen
Copy link
Member

Landed in 7dae872.

@tniessen tniessen closed this Sep 27, 2018
tniessen pushed a commit that referenced this pull request Sep 27, 2018
OpenSSL enables this feature by default, but BoringSSL doesn't. This
change makes it so that when building node with BoringSSL, the
behaviour matches OpenSSL's.

PR-URL: #22110
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
targos pushed a commit that referenced this pull request Sep 27, 2018
OpenSSL enables this feature by default, but BoringSSL doesn't. This
change makes it so that when building node with BoringSSL, the
behaviour matches OpenSSL's.

PR-URL: #22110
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
targos pushed a commit that referenced this pull request Oct 3, 2018
OpenSSL enables this feature by default, but BoringSSL doesn't. This
change makes it so that when building node with BoringSSL, the
behaviour matches OpenSSL's.

PR-URL: #22110
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
author ready PRs that have at least one approval, no pending requests for changes, and a CI started. c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

8 participants